fusionauth-issues icon indicating copy to clipboard operation
fusionauth-issues copied to clipboard

Published 20 hours ago verified publisher icon FusionAuth

Group application roles getting removed

Open paul-fink-silvacom opened this issue 2 years ago • 3 comments

Group application roles getting removed

Description

Group application roles getting removed after http api call or python client call

Affects versions

1.36.4 (affected previous versions as well not sure how far back

Steps to reproduce

Steps to reproduce the behavior:

  1. Run the following python:
    fusion_auth_client = FusionAuthClient("...",
                                          "https://dev.xxx.com")
    group_id = '123...'
    data_info = {'prettyName': 'ABC DEF'}
    data = {'data': data_info}
    request = {'group': data}
    client_response = fusion_auth_client.patch_group(group_id, request)
    if client_response.was_successful():
        print(client_response.success_response)
    else:
        print(client_response.error_response)
  1. The response comes back successful with the application roles
  2. If you try to retrieve the group no roles come back. They are not present in the gui

I don't see any errors logged any where

The behaviour is the same if you make an http api call using postman.

If you include the application roles in the request they still get removed

Expected behavior

I expect that the roles should not get removed and the data gets updated.

Screenshots

Before: image

After:

image

Platform

Trying from windows desktop using postman or python client fusionauth is connected to a postgres database

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

Additional context

Topic brought up here (https://fusionauth.io/community/forum/topic/2045/group-application-roles-getting-removed)

paul-fink-silvacom avatar May 09 '22 14:05 paul-fink-silvacom

Can replicate this against the sandbox environment.

To do so, create a group in the sandbox, give it some roles. Get the Id and put it in the GID variable below. Also grab an API key (I used the default one) and put it in the API_KEY variable.

Get the group:

API_KEY=...
GID=...

curl -XGET -H "Authorization: $API_KEY" https://sandbox.fusionauth.io/api/group/$GID

Patch the group:

API_KEY=...
GID=...

curl -XPATCH -H "Content-type: application/json" -H "Authorization: $API_KEY" https://sandbox.fusionauth.io/api/group/$GID -d '{
    "group": {
        "data": { "a":"b" } 
    } 
}
'

If you get the group again, or examine it in the admin ui, you'll see the roles are gone.

Looking at the code, it looks like we don't persist the roles in the case of a PATCH. An update should work fine because we have the roles in the request.

So a workaround @paul-fink-silvacom , is to retrieve the group then update it (that is, don't use patch).

mooreds avatar May 13 '22 02:05 mooreds

@mooreds has this been replicated? Assuming if there is a bug here, it is in the client lib and not in FusionAuth.

robotdan avatar Aug 31 '22 15:08 robotdan

I did replicate it as indicated here: https://github.com/FusionAuth/fusionauth-issues/issues/1717#issuecomment-1125598276

No client library involved, just curl.

mooreds avatar Aug 31 '22 17:08 mooreds

Thanks for the fix. It is working as expected now.

paul-fink-silvacom avatar Sep 12 '22 18:09 paul-fink-silvacom